Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact
 

Q & A

 

New Tech Q&A: Adaptiva – CrowdStrike alliance highlights trend of blending IT and security systems

By Byron V. Acohido

The coalescing of the next-gen security platforms that will carry us forward continues.

Related: Jump starting vulnerability management

Adaptiva, a leader in autonomous endpoint management, recently announced the launch of OneSite Patch for CrowdStrike. This new solution integrates with CrowdStrike’s Falcon XDR platform to improve the efficiency and speed of patching critical vulnerabilities in enterprise systems.

This strategic alliance between Adaptiva and CrowdStrike makes a lot of sense. OneSite Patch leverages CrowdStrike’s rich threat intelligence and vulnerability data to prioritize and automate patch deployments.

Thus it provides a smooth path for companies to patch vulnerabilities and install updates much more efficiently. This pain point is intensifying at large and mid-sized enterprises as operations become more globally distributed and interconnected at the cloud edge.

The State of Patch Management in the Digital Workplace Report, for instance, underscores how legacy vulnerability management practices are by and large bereft of any meaningful strategic intent; for instance, some 79% of respondents said patch deployments are scheduled ad hoc or use a one-size fits all approach.

Last Watchdog engaged Davinder Singh, Chief Technology Officer at Adaptiva, to drill down on the current state of securing networks. Here’s that exchange, edited for clarity and length.

NEWS ANALYSIS Q&A: Striving for contextual understanding as digital transformation plays out

By Byron V. Acohido

The tectonic shift of network security is gaining momentum, yet this transformation continues to lag far behind the accelerating pace of change in the operating environment.

Related: The advance of LLMs

For at least the past decade, the cybersecurity industry has been bending away from rules-based defenses designed to defend on-premises data centers and leaning more into tightly integrated and highly adaptable cyber defenses directed at the cloud edge.

I first tapped Gunter Ollmann’s insights about botnets and evolving malware some 20 years when he was a VP Research at Damballa and I was covering Microsoft for USA TODAY. Today, Ollmann is the CTO of IOActive, a Seattle-based cybersecurity firm specializing in full-stack vulnerability assessments, penetration testing and security consulting. We recently reconnected. Here’s what we discussed, edited for clarity and length?

LW: In what ways are rules-driven cybersecurity solutions being supplanted by context-based solutions?

Ollmann: I wouldn’t describe rules-based solutions as being supplanted by context-based systems. It’s the dimensionality of the rules and the number of parameters consumed by the rules that have expanded to such an extent that a broad enough contextual understanding is achieved. Perhaps the biggest change lies in the way the rules are generated and maintained, where once a pool of highly skilled and experienced cybersecurity analysts iterated and codified actions as lovingly-maintained rules, today big data systems power machine learning systems to train complex classifiers and models. These complex models now adapt to the environments they’re deployed in without requiring a pool of analyst talent to tweak and tune.

SHARED INTEL Q&A: Forrester report shows Identity and Access Management (IAM) in flux

By Byron V. Acohido

Identity and Access Management (IAM) is at a crossroads.

Related: Can IAM be a growth engine?

A new Forrester Trends Report dissects ten IAM trends now in play, notably how AI is  influencing IAM technologies to meet evolving identity threats.

IAM is a concept that arose in the 1970s when usernames and passwords first got set up to control access mainframe computers.

By the 1990s, single sign-on (SSO) solutions had caught, and with the explosion of web apps that followed came more sophisticated IAM solutions. Federated identity management emerged, allowing users to use the same identity across different domains and organizations, and standards like SAML (Security Assertion Markup Language) were developed to support this.

The emergence of cloud computing further pushed the need for robust IAM systems. Identity as a Service (IDaaS) began to gain traction, offering IAM capabilities through cloud providers.

News analysis Q&A: Shake up of the SIEM, UEBA markets continues as LogRhythm-Exabeam merge

By Byron V. Acohido

It’s easy to compile a checklist on why the announced merger of LogRhythm and Exabeam could potentially make strategic sense.

Related: Cisco pays $28 billion for Splunk

LogRhythm’s is a long established SIEM provider and Exabeam has been making hay since its 2013 launch advancing its UEBA capabilities. Combining these strengths falls in line with the drive to make cloud-centric, hyper-interconnected company networks more resilient.

Forrester Principal Analyst Allie Mellen observes: “The combined organization is likely to push hard in the midmarket, where LogRhythm’s existing suite has had success and the Exabeam user experience makes it a more natural fit.”

Despite the promising synergies, Mellen cautioned that the merger alone would not resolve all challenges. “Both of these companies have faced challenges in recent years that are not solved by a merger,” she adds. “These include difficulty keeping pace with market innovation and with the transition to the cloud.” she said.

Last Watchdog engaged Mellon in a drill down on other ramifications. Here’s that exchange, edited for clarity and length.

LW: How difficult is it going to be for LogRhythm and Exabeam to align their differing market focuses; what potential conflicts are they going to have to resolve?

Best Practices Q&A: Guidance about what directors need to hear from CISOs — from a board member

By Byron V. Acohido

CISOs can sometimes be their own worst enemy, especially when it comes to communicating with the board of directors.

Related: The ‘cyber’ case for D&O insurance

Vanessa Pegueros knows this all too well. She serves on the board of several technology companies and also happens to be steeped in cyber risk governance.

I recently attended an IoActive-sponsored event in Seattle at which Pegueros gave a presentation titled: “Merging Cybersecurity, the Board & Executive Team”

Pegueros shed light on the land mines that enshroud cybersecurity presentations made at the board level. She noted that most board members are non-technical, especially when it comes to the intricate nuances of cybersecurity, and that their decision-making is primarily driven by concerns about revenue and costs.

Thus, presenting a sky-is-falling scenario to justify a fatter security budget, “does not resonate at the board level,” she said in her talk. “Board members must be very optimistic; they have to believe in the vision for the company. And to some extent, they don’t always deal with the reality of what the situation really is.

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

By Byron V. Acohido

The technology and best practices for treating cybersecurity as a business enabler, instead of an onerous cost-center, have long been readily available.

Related: Data privacy vs data security

However, this remains a novel concept at most companies. Now comes a Forrester Research report that vividly highlights why attaining and sustaining a robust cybersecurity posture translates into a competitive edge.

The report, titled “Embed Cybersecurity And Privacy Everywhere To Secure Your Brand And Business,” argues for a paradigm shift. It’s logical that robust cybersecurity and privacy practices need become intrinsic in order to tap the full potential of massively interconnected, highly interoperable digital systems.

Forrester’s report lays out a roadmap for CIOs, CISOs and privacy directors to drive this transformation – by weaving informed privacy and security practices into every facet of their business; this runs the gamut from physical and information assets to customer experiences and investment strategies.

Last Watchdog engaged Forrester analyst Heidi Shey, the report’s lead author, in a discussion about how this could play out well, and contribute to an overall greater good. Here’s that exchange, edited for clarity and length.

Author Q&A: Here’s why the good guys must continually test the limitations of ‘EDR’

By Byron V. Acohido

A new tier of overlapping, interoperable, highly automated security platforms must, over the next decade, replace the legacy, on-premise systems that enterprises spent multiple kings’ fortunes building up over the past 25 years.

Related: How ‘XDR’ defeats silos

Now along comes a new book, Evading EDR: The Definitive Guide for Defeating Endpoint Detection Systems, by a red team expert, Matt Hand, that drills down a premier legacy security system that is in the midst of this transition: endpoint detection and response, EDR.

Emerging from traditional antivirus and endpoint protection platforms, EDR rose to the fore in the mid-2010s to improve upon the continuous monitoring of servers, desktops, laptops and mobile devices and put security teams in a better position to mitigate advanced threats, such as APTs and zero-day vulnerabilities.

Today, EDR is relied upon to detect and respond to phishing, account takeovers, BEC attacks, business logic hacks, ransomware campaigns and DDoS bombardments across an organization’s environment. It’s a key tool that security teams rely upon to read the tea leaves and